Windows
Analysis Report
https://u43957641.ct.sendgrid.net/ls/click?upn=u001.0Q2k6Tkbkoom04JcBCS1bm-2FvOge1W36GwvuSdih0P4JugvzV4-2FrWyPqZWCP-2FjIBNLIQsDH-2BiJ-2FwtGIsQEo-2F1lg-3D-3DD4vy_FXZTG-2Bj8dxNvEuxDJrPqKA8uB9LHQ48OflWnDl8SlkMIeqE5kJRv-2BwjlJ-2BTz9LaXXbddhQoxXZFjW61L1BulkplVPhKO5ARKFw4WBNXwUjDYnN9WjvMC1qZal-2BSbiVhkNDX
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 1828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://u43957641.ct.sendgrid.net/ls/click?upn=u001.0Q2k6Tkbkoom04JcBCS1bm-2FvOge1W36GwvuSdih0P4JugvzV4-2FrWyPqZWCP-2FjIBNLIQsDH-2BiJ-2FwtGIsQEo-2F1lg-3D-3DD4vy_FXZTG-2Bj8dxNvEuxDJrPqKA8uB9LHQ48OflWnDl8SlkMIeqE5kJRv-2BwjlJ-2BTz9LaXXbddhQoxXZFjW61L1BulkplVPhKO5ARKFw4WBNXwUjDYnN9WjvMC1qZal-2BSbiVhkNDXHzo0-2BRl2juwpMn3h9dNAq9ZBCf8LnPEOZY9GqbZetUAeU7Eutkrra6RqLG0LYTAB9pnUknxEinL3j6RW-2F5AawLVk6-2FJEsz0F-2FhvPx4oc-3D MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- chrome.exe (PID: 5016 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1964,i,6565237022514382847,2558898425133364238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- Acrobat.exe (PID: 1484 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\IPKGELNTQY.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2396 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 5464 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1584,i,16493858501410252826,1236164164893176959,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
- HTTPS traffic detected
- TCP traffic detected without corresponding DNS query
- UDP traffic detected without corresponding DNS query
- DNS traffic detected
- Network traffic detected
- Classification label
- File created
- Key opened
- Process created
- File opened
- Process information set
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | Avira URL Cloud | safe | |
| | 2% | Virustotal | | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 1% | Virustotal | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.250.141.103 | true | false | | high |
u43957641.ct.sendgrid.net | 167.89.123.147 | true | false | | high |
091.it-mil-1.linodeobjects.com | unknown | unknown | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
167.89.123.147 | u43957641.ct.sendgrid.net | United States | | 11377 | SENDGRIDUS | false |
1.1.1.1 | unknown | Australia | | 13335 | CLOUDFLARENETUS | false |
142.251.2.84 | unknown | United States | | 15169 | GOOGLEUS | false |
142.251.2.138 | unknown | United States | | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
142.251.2.139 | unknown | United States | | 15169 | GOOGLEUS | false |
142.250.101.94 | unknown | United States | | 15169 | GOOGLEUS | false |
34.193.227.236 | unknown | United States | | 14618 | AMAZON-AESUS | false |
142.250.141.103 | www.google.com | United States | | 15169 | GOOGLEUS | false |
172.232.192.101 | unknown | United States | | 20940 | AKAMAI-ASN1EU | false |
74.125.137.94 | unknown | United States | | 15169 | GOOGLEUS | false |
172.64.41.3 | unknown | United States | | 13335 | CLOUDFLARENETUS | false |
23.206.4.165 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
IP |
---|
192.168.2.17 |
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431005 |
Start date and time: | 2024-04-24 12:59:13 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | https://u43957641.ct.sendgrid.net/ls/click?upn=u001.0Q2k6Tkbkoom04JcBCS1bm-2FvOge1W36GwvuSdih0P4JugvzV4-2FrWyPqZWCP-2FjIBNLIQsDH-2BiJ-2FwtGIsQEo-2F1lg-3D-3DD4vy_FXZTG-2Bj8dxNvEuxDJrPqKA8uB9LHQ48OflWnDl8SlkMIeqE5kJRv-2BwjlJ-2BTz9LaXXbddhQoxXZFjW61L1BulkplVPhKO5ARKFw4WBNXwUjDYnN9WjvMC1qZal-2BSbiVhkNDXHzo0-2BRl2juwpMn3h9dNAq9ZBCf8LnPEOZY9GqbZetUAeU7Eutkrra6RqLG0LYTAB9pnUknxEinL3j6RW-2F5AawLVk6-2FJEsz0F-2FhvPx4oc-3D |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 23 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@32/32@6/108 |
- Exclude process from analysis (whitelisted): SIHClient.exe
- Excluded IPs from analysis (whitelisted): 74.125.137.94, 142.251.2.139, 142.251.2.113, 142.251.2.102, 142.251.2.138, 142.251.2.101, 142.251.2.100, 142.251.2.84, 34.104.35.123, 172.232.192.101, 172.232.192.104, 172.232.192.103, 172.232.192.105, 172.232.192.99, 172.232.192.98
- Excluded domains from analysis (whitelisted): it-mil-1.linodeobjects.com.akadns.net, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
- Not all processes were analyzed; the report is missing behavior information
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.335675271083342 |
Encrypted: | false |
SSDEEP: | |
MD5: | 21C2897AF61008642F5447F04E9F720F |
SHA1: | 5DB15007DFD99D2C8BA52ED6A9CA367BFB82FCEE |
SHA-256: | 7D687A5B42C9B0C87B1CAF5CDF52CB20EEA6BD77E4C8D38AE680581BA6D4FCCB |
SHA-512: | 63FF37F2ED47A2AD1532AC1266216A88F7BE133060C79AA72EECA5633313D25A4932BF6F46E03916B21768AD5B2FD04F01FCB33A473C9A44C63C9E025A465F4E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2812323064839815 |
Encrypted: | false |
SSDEEP: | |
MD5: | AD540C09C742E3AB5735F5C1801982E5 |
SHA1: | 2683B3D015D98F4CC4259B7FC3BC6F359725D02F |
SHA-256: | 8285F013EC0E42DF6CE024A436BFB853F48A77D8ACCC39B2D791F86CBCAE36B3 |
SHA-512: | D75E1BFBAC79004C717497C9EB83CB4D5C9903FAC30CE3C47E6B6ECA77FD1402596444AA895639B5625E5CFB092A86CA3C5B94867B83E1A105826E98D1608807 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.258993376855807 |
Encrypted: | false |
SSDEEP: | |
MD5: | 89E7563CFC6780700F2CB179D82C4A0E |
SHA1: | 37F8D89C9CAFDF9B87FFC488BEA03C3255593521 |
SHA-256: | A784F61928AF5D2D8DCE891DED2DEEAA576D8C4D73660A0CF08398E9A48FA1F9 |
SHA-512: | 8CDE3F98E93394E0FCB8585CBCEAE103F82DE63866312AC1D8BF7A5AC62A0F4B1E1156CBFC833BC0B6B97D0292A02112BA4908106C2244A69A7EE0E09A79B31D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.320800242031623 |
Encrypted: | false |
SSDEEP: | |
MD5: | E20712D97F30458A7D9E9F4D89B8130F |
SHA1: | CB8A4F2AF4937CA7BB46174509AFE0AF786C8F28 |
SHA-256: | 760C78EF9DF42440EC62AB20AC533AE09A6FA15D8D10F8579A39F3DAD9866569 |
SHA-512: | C847CE0B5ACD183B54AD6EA45B95BB6D1EE4E9FFA6D9C66AE0FC9B818F3808CCF1CB540DACA290837164D3254421222713B452EB5283ECAE041971D38B2B2FC6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.282774554271022 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1FAAFD2FF627F891BCBB703DE8F44118 |
SHA1: | AD59E0CC455A9D6DE08606EEA56511321F6AEF67 |
SHA-256: | 1AC0AB26B5EADAD96F99DD38FE149605A8A9126FE939C168BDC6FCB379F0D390 |
SHA-512: | 1DCEA601EADEAEEAED79765F45E8B29348A3006DFCC39149938F09215E15063F9DCD779795A7BD82A56A41CFA2F27BECDE9CA8632620C4BA4789F82EAA1BBA38 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.267881790759336 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0A5040FE6215C5FA09CAA65F102B82F0 |
SHA1: | B1AFCBB44D90C1EC89B1BAEE6359B5CAEBCFE557 |
SHA-256: | 33697B1C7E434A065EB870AE590D9AD8E659B5207439572D525FBF2299121D40 |
SHA-512: | EAB832A42176771B51AE0484F11CA75B05D26C8CE7BC4E4A888104F6AFD7FE7BD907ACF136016C88F1D1D42B9BB623591F9D38E47B5A1175CC6B75AFB43318CF |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.270010756851178 |
Encrypted: | false |
SSDEEP: | |
MD5: | 426112BB51C41A400A4A5CC4A4C1C672 |
SHA1: | 403C3D559084C3C31CA336D7CCFEEED19F55D7CC |
SHA-256: | B90E5A512B07E3C6EF15E1BF55A30FBE79CE1EA6EABA207BECEE69182EB51EB6 |
SHA-512: | B01F3B23243EE09D5DBC79C4EDA205F23366169089E01C687B342C5A180632942D179F06C538DFD255A738B9F8957EAA1FA48E26C47401ADA230C0A74AB78674 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.278681445537949 |
Encrypted: | false |
SSDEEP: | |
MD5: | 36040BAA8F29277C7E6F1D52797FEACB |
SHA1: | E6EFC3BE998ADC5FC1EFDBCE7487AA221C124F62 |
SHA-256: | 23B9FBBBB1819D575792BAFC66E83D468F571740A5B2EEFDA6FD62FB6CB91894 |
SHA-512: | 4CB8DF3F8FBE7687573EDAB2627882C0737F269131C5C7C1092DB9087FB4911D13F77C6F157AA696319233CF3BFFB2E3CD5EA9727A1342F11A94269BD9A77558 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.737811795972258 |
Encrypted: | false |
SSDEEP: | |
MD5: | 189D25F0E5C4A6241C20B66AC3A57FFC |
SHA1: | 1ECD78900D7E3F8D58041C4F5F59474B046BC784 |
SHA-256: | 2912D4AB4F4378483375D324592D6CF691B8793C05156E22EADF2B0FB0DE42A8 |
SHA-512: | 441E0988104D061E0701DDDD2712CCB326229BC8C925B30A65E3679DA7E79617571DDECFA682F9A3FCF37CA7EDA83C919159CB3691EFBD75CF6CC138F5C4F4B4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.275669042354409 |
Encrypted: | false |
SSDEEP: | |
MD5: | F393CD979990A43C2BF30EF5651B045C |
SHA1: | 0A41F7CFDCFD5CA8E9C6791C57C33EB55B55D5B8 |
SHA-256: | 0781594FFF5E76CA98F8A70C2A663BFB19369658A4DC4479DC93DEC8D3FCA7C8 |
SHA-512: | C7E37E4EBFA1834CD28215B830348878548CB39A2779FD0F9AC1C746A11E92051F9740680614B239FC33893C6D1FE14712DF7F989CEC64540AD5FC3AB05C9457 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.775693586319366 |
Encrypted: | false |
SSDEEP: | |
MD5: | 117BC6A9B5E05CF1DB01C110DD1E186B |
SHA1: | 2A46D8BFC62448690EE1184B1BBD97B3740CF243 |
SHA-256: | D28B29946545A9D9575453E21B2B264D46B1CF7A377EE2ECB934C4385C166A4A |
SHA-512: | B0DA5A4A1E394D8E5296CF28654E0079AF621A6DE1EC7B61960B6DC960CC7C0422FE2E7278DD4147CB106CB4D622AA3A7C59D6CD3476C739A00015A5AA10C252 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.259383363104873 |
Encrypted: | false |
SSDEEP: | |
MD5: | BC16BE676FB6D3C990399903F80A0E02 |
SHA1: | CAB1428EEF528A18B2A789C5570CDDFA8C87370D |
SHA-256: | 33AF936E38B24B8CEACCACDB69DA960500A30873012600152107D75A28D22E16 |
SHA-512: | 554A1913B2F14530A0DE75237377DA000A9E5860E84C81AB4CF5025842A583212DC8E207A0FE326EE088A9816CF0DBB2E4F80ACE9153AE49B5C1DBCD51EFEDB8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.261559773687141 |
Encrypted: | false |
SSDEEP: | |
MD5: | A337A6DB57F83E3BCAD5F9276472D844 |
SHA1: | 3A1774E99A3BE70423692BC00E25E0B52737B092 |
SHA-256: | 236DBC73A1CA44541E9C40E3B396CB089501FDA77D58F52E4F35DCD430DD3E6A |
SHA-512: | 6F782462B31C6659A4A75ABFD59AB8106C33C33F09F6ACF03240994A27A099C3392BB8F5E5459EDBD8FEB96C29DADBAC4A9C75004E4EBA03081DC684AAF59B63 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.282504171112556 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0644BA8AD5347579ABE98174B741E626 |
SHA1: | 5264AF4BD344C5C8E741083162A2DEB47977CFE1 |
SHA-256: | 2CADA9F919AD8194C05709E27A8963999383EBE5E0DCEB0B7CEE991FE2A8D873 |
SHA-512: | 2BDA625A1C39E367684F65B9E5E5D1A8663428096C87A0AC8D93A752D95C51A6EB159E4BFCC97999E00A61FFC47B3544855B80C6D56F0E4C1BC63B79AB437115 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.236265072053378 |
Encrypted: | false |
SSDEEP: | |
MD5: | AF42BB47CDDAB3889ECAE5AED760EA7A |
SHA1: | 43FC7D7E4E334E0167AC5828CB7F11685ADBA9D4 |
SHA-256: | 2D03B8677CB78B68F7B0B474BEF76E2A788A7F2141817258A9489A8F41ACB2F7 |
SHA-512: | 1978A2C425DE4E40D455AC33F39B60B40B8E9E93C69C2A70FABC26437FEFA6AF77B88BE807D69AD1453658C4AEEE80D8274955ED319924FAE0959D87969387CF |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.363305196910238 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0A5ACA6CFD6E98DEE012FAD4144E4827 |
SHA1: | 1D7E8067CC0ACBBCB347571190B8E71F080EA591 |
SHA-256: | 8234F5FA02DE643C8C33B3E3E4EA4B8E7326C0DAFF07EC5928C418E6DAC83314 |
SHA-512: | 1FB53DC268FC3C09474BC884B0CC10E7BCF92A2FA7B56AB82440DA42DF416545A36BD50E57A030D50C0346E28568DD0F484989EB7FD14D217099B6163F0290B7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.137479024394808 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9A100C76D254D209717746DF310E550C |
SHA1: | 74394CBC1DC9AA59F7B7ADCA5973EBB380ABDEC8 |
SHA-256: | DB620764DF1F623D0144DC7EAAC22D2B558301BF481B8D02915C0922E5718A91 |
SHA-512: | 045C8CEA443C55E75D06B11566709AA0DE4F737BC71C6C4EDBC6A90F3A1551B7E1FD7411527608825A26D84426801E7664D4B58617963D85D644DCDB1F62A510 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.355786626452215 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9771F66F209D836D482EC863C4197025 |
SHA1: | 4E518EFC7B94FE95780F14A40A4271667C83CD9A |
SHA-256: | 03864A45990EFBCEBE8959A81C4AAFA54E0552E5ED1D98324A4598626EB065BC |
SHA-512: | 7E9AA1C45BE3C12F9FEC11D729E5373E5961B4ACF18110390A669239E3FD67763EC0614C307D6F298B877D2B3A2A55C6B36AC4AC1EA18D8913B62AE5F8F377F5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.829034673814279 |
Encrypted: | false |
SSDEEP: | |
MD5: | AB66AB78BFEA715695C36F57A63E55D0 |
SHA1: | EC83748021074A228B63ECFDDCD5BDA090426AD4 |
SHA-256: | E88EC703D4526BFBE07DBAF3EC3A200428E53ED79DE23ED506FA8F113B22D300 |
SHA-512: | 78CBFCFA9D0424166CC88B4C0F33858569E5335B91AB7253E92866BC67A88D9919BA80684EF8B57B9246923B0DE87D81A5A7006B65CCAA03AD945D9858F96292 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.4973455600014702 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8F0BF37D16A9F1B72F39DADC42206B68 |
SHA1: | C1D0DAB5E940E59B0B2F83AE9BB61B9FFA72DD82 |
SHA-256: | ABF757EF15BB75107B00A8577D799938AD147F4FEA57AE5647F84ECB6DA4B309 |
SHA-512: | 2959F6A6353CEAA1CFAA0BE9A0F1FA21F618674F1FC3797D9CFC21F854EDAB69446CC6C680DD277D99A4DB380281C7B7D107C530783F725013FD91F184DF7F79 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 13-01-06-381.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.359827924713262 |
Encrypted: | false |
SSDEEP: | |
MD5: | 06DEAEDB81D09FD8FB5FF668D8E09CB2 |
SHA1: | 28A02BCBD5975117B97A08AFB049F2C94F334726 |
SHA-256: | D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64 |
SHA-512: | 948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35814 |
Entropy (8bit): | 5.41541745246144 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6341301DDE6CB593987B0F9BE8AD19BB |
SHA1: | 40B9A47A2CD66F03A5617C11065F4421B12A8010 |
SHA-256: | 1C830C4CD63A1E7BBF2208FCA2F890654FD2EB541D61E91422DA0A4649B20C5F |
SHA-512: | 562828D15485273CF3DF28EE93A214AF42A5AE1DF28618E5B47C212BCC401BB149D87541FF67ADC57F207D147FF72F0ADEB9B365DD65F03BC6D05B2AA7E625AE |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.980600513848613 |
Encrypted: | false |
SSDEEP: | |
MD5: | B96FDB817D028E97B4FACC9D5EE0D618 |
SHA1: | 53DF64DF2B0FEAAB7C78162AE2EFAD2D1E1805F9 |
SHA-256: | C696586538AA2189AEAA2EAFDC4594D06987F07FA65E17F45469C8633666642E |
SHA-512: | 138328D2E46440F2A2917831212D0120C05A86E43F4C602EE1C2C2FB4FD8C50234AA0D550004063A6A0861EB345DB123234BEE801A9051E2714BD1A3B7716A8B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9980859387306316 |
Encrypted: | false |
SSDEEP: | |
MD5: | 40D79575CA77D797CF5905BBFAA6DA7F |
SHA1: | 566E3FF0FBF979B57DDA03EE55C1DEE83E432429 |
SHA-256: | 840E695EF58D2357E0CE79ABEF70E954C5633089732A850C89EE99242FD11F91 |
SHA-512: | FC00D9A97D1BC01BE6926F5FE6D457FDDD38F4772C934171C3FB7297F444628CB21656C034C7D5A93859C4DF992E182B2CE40D68308350B9AA9DF8BCB37AC2F4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.006500720480231 |
Encrypted: | false |
SSDEEP: | |
MD5: | 76F9DEAAD8CB85015D9D450C97465C61 |
SHA1: | FE3D069B90F34662D77FCD8F23DD47B46DD7D572 |
SHA-256: | CA3E531A913DBB364EBDC91F2C59F454357DFAE0FD1ECED9B78F295E0FF10F9A |
SHA-512: | C3830516E3F7DE8060422B3CDE06407A7C0AB28AA90DDB96BC617A7192DBA154BCA0BB907BD09D2E4069485D19B0176B274E4013BE659A207D9D53FE13016236 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.998216286365906 |
Encrypted: | false |
SSDEEP: | |
MD5: | FBE4C91EE9F87FE493F911BC09DD7774 |
SHA1: | CAFA76F7423BB1EF748637696A6247C1E59BC4AC |
SHA-256: | 4FC21BF1C98978BD5EC0FD3DDF0F6313DB984BAA27EA1672731C846CF9149477 |
SHA-512: | 92D269C32E6DEA93B8D875A8F45E0E396445FD33666B3A587FA75CFAD514F3FD47AE14DE91AD66E9E800486D13C1BC01B0B47A3D01B422F652BB5B03B9CEA96D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.986770205605966 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8D5F9A16701F2EE5C5F67488D36F2463 |
SHA1: | FDC724DBBF2185F6CE653AAA22F0657852DFEF6A |
SHA-256: | FB8E83D22E171014B3F0E5F87FFC58AFA10C98A49376FAF101B30720D08F2679 |
SHA-512: | D62AC1EB7DB8FDEBBD0FE4981A057C5426FE0153C7396C17E1EE3BE08A49A6FB39E2AFFD4F52D7B6B2FB9CF336FBC4DF76017BE9240641195B114F0E92699C91 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9993705579388554 |
Encrypted: | false |
SSDEEP: | |
MD5: | D886DA051009700A7853D711B1A7CE4E |
SHA1: | 624435F1E5D78B42F761E9AFAC7BDD4317AFD068 |
SHA-256: | 8A5BA529EDFA383EE85035D9E984E519BBD8F36DCFCE665001B22A74C38CFDDE |
SHA-512: | D97BDE0CE0392C09A137C9064D37064D7B8339E7E15191363DBC5F703CF32633C1E4B31A29A91A4C1E25896E575133757C36C3FD2E5C91C84F042387D483A51E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 221 |
Entropy (8bit): | 5.125080156870459 |
Encrypted: | false |
SSDEEP: | |
MD5: | C3EF1304CA515A33205663A6F503622F |
SHA1: | 530CE1BBB078BD34BB85FE840DC275A348C4D5CF |
SHA-256: | 6B8D55B46B85455B882BE4623F516EE666855B524FC7E011DC2CC1AC00B50429 |
SHA-512: | B6E955C90CDC8E3613D1BF8852FA8C0B2D71DB419753EEDF2EE5D776EC8DA07972C2189BDD3BCE5830C1B9C6F37AE51E2149E02F72458A09BDD85726BBACF8D6 |
Malicious: | false |
Reputation: | unknown |
URL: | https://091.it-mil-1.linodeobjects.com/g.html |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 221 |
Entropy (8bit): | 5.22369272806993 |
Encrypted: | false |
SSDEEP: | |
MD5: | FA3028D71155B00FDCB33174A0082D51 |
SHA1: | 2850CDF9084452AAAE9E95CA566F2598F638596F |
SHA-256: | 63C015BC6D24E8F36CC6CE8E2411513E67294863D17AAE1BFA4F558DE5748034 |
SHA-512: | C8EE61FD985996F23E8A975A9285E80947CA2CC60D30EF62D13150A97936D4916607F9F0E124EB029C383F61B1873987CF75F3E5BE3552C2F933B76E64EDDEF5 |
Malicious: | false |
Reputation: | unknown |
URL: | https://091.it-mil-1.linodeobjects.com/favicon.ico |
Preview: |
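The dropped/downloaded file records above use a flat "Key: | value |" layout that is awkward to work with by hand when you want to pull indicators out of a report. The following Python is an added example written for this page; it is not part of the sandbox report or the sandbox vendor's tooling. It parses records in that layout into dictionaries, sanity-checks the hash fields, extracts the hosts that served the "downloaded" entries, and reimplements the 8-bit Shannon entropy that the "Entropy (8bit)" field reports. The sample text is constructed by copying two records from this report (the Docs.lnk drop and the g.html download); the function and constant names (`parse_records`, `FIELD_RE`, `shannon_entropy`, `downloaded_hosts`, `hash_fields_valid`) are this example's own choices.

```python
import math
import re
import string
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: two records copied from the report's dropped/downloaded
# file table. A dropped file is preceded by its on-disk path; a downloaded
# file carries a "URL:" field instead.
SAMPLE = r"""
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.980600513848613 |
Encrypted: | false |
SSDEEP: | |
MD5: | B96FDB817D028E97B4FACC9D5EE0D618 |
SHA1: | 53DF64DF2B0FEAAB7C78162AE2EFAD2D1E1805F9 |
SHA-256: | C696586538AA2189AEAA2EAFDC4594D06987F07FA65E17F45469C8633666642E |
SHA-512: | 138328D2E46440F2A2917831212D0120C05A86E43F4C602EE1C2C2FB4FD8C50234AA0D550004063A6A0861EB345DB123234BEE801A9051E2714BD1A3B7716A8B |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 221 |
Entropy (8bit): | 5.125080156870459 |
Encrypted: | false |
SSDEEP: | |
MD5: | C3EF1304CA515A33205663A6F503622F |
SHA1: | 530CE1BBB078BD34BB85FE840DC275A348C4D5CF |
SHA-256: | 6B8D55B46B85455B882BE4623F516EE666855B524FC7E011DC2CC1AC00B50429 |
SHA-512: | B6E955C90CDC8E3613D1BF8852FA8C0B2D71DB419753EEDF2EE5D776EC8DA07972C2189BDD3BCE5830C1B9C6F37AE51E2149E02F72458A09BDD85726BBACF8D6 |
Malicious: | false |
Reputation: | unknown |
URL: | https://091.it-mil-1.linodeobjects.com/g.html |
Preview: |
"""

# One "Key: | value |" line; the trailing pipe is optional because "Preview: |" has none.
FIELD_RE = re.compile(r"^([A-Za-z0-9\-() ]+?):\s*\|\s*(.*?)\s*\|?\s*$")

# Expected hex-digit lengths of the hash fields in a record.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA-256": 64, "SHA-512": 128}


def parse_records(text):
    """Split report text into one dict per file record, keyed by field name.

    A record begins at each "Process:" line. A preceding Windows path line
    (contains ':\\') is attached as the record's "path"; other non-field
    lines are ignored.
    """
    records, current, pending_path = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIELD_RE.match(line)
        if m is None:
            if ":\\" in line:
                pending_path = line
            continue
        key, value = m.group(1).strip(), m.group(2)
        if key == "Process":
            current = {"path": pending_path}
            pending_path = None
            records.append(current)
        if current is not None:
            current[key] = value
    return records


def hash_fields_valid(record):
    """True if every hash field is present with the right length and is hex."""
    for name, length in HASH_LENGTHS.items():
        value = record.get(name, "")
        if len(value) != length or any(c not in string.hexdigits for c in value):
            return False
    return True


def downloaded_hosts(records):
    """Hosts that served entries whose Category is 'downloaded'."""
    return {
        urlparse(r["URL"]).hostname
        for r in records
        if r.get("Category") == "downloaded" and r.get("URL")
    }


def shannon_entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0), as in 'Entropy (8bit)'."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for r in recs:
        print(r.get("path") or r.get("URL"), r["Category"], r["SHA-256"],
              "hashes ok" if hash_fields_valid(r) else "hashes malformed")
    print("download hosts:", sorted(downloaded_hosts(recs)))
    print("entropy of 256 distinct bytes:", shannon_entropy(bytes(range(256))))
```

The entropy function is included so the "Entropy (8bit)" column can be reproduced on a file pulled from the sandbox: values near 8.0 indicate compressed or encrypted content, while the .lnk shortcuts above sit around 4.0, consistent with structured binary data that is mostly ASCII and zero padding. The hash-length check catches truncated or garbled hashes before they are pushed into a blocklist.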